Skip to main content
Kinetic Community

Active Directory Group Create

Creates an Active Directory group entry and uses the provided parameter values to specify common attributes. This handler will fail if the group already exists.

Downloads

By downloading this file, you acknowledge that you agree to our Terms of Service

active_directory_group_create_v2.zip

Detailed Description

This handler will use the server information and user credentials configured in the task info values to authenticate and connect to the specified Active Directory server (using LDAP) and create a group entry.

In order to build up the Distinguished Name (a unique identifier for the active directory user entry), the handler uses a template specified as a task info value.

The following entry attributes are set once the user entry is created:

  • Direct Mappings

    • name => Group Name
    • mail => Email Address
    • description => Description
    • info => Notes
  • Computed Mappings

    • grouptype => Numerical representation of the group scope and type.
  • Special Attributes

    • objectclass => [top,group]

Task Info Configuration

  • dn_format - This value is used to specify the distinguished name of the Active Directory group entry to be created. Anything within curly braces {} will be replaced with the value of the entry attribute or task info value associated with that key. For example, the default format is 'CN={displayname},CN=Users,{base}'. In this case {displayname} is replaced with the displayname attribute value and {base} is replaced with the value of the 'base' task info value. A full list of available entry attributes is available above. If you use organizational units they can be substituted into the distinguished name in this manner.

Parameters

Name Description
Group Name The name of the group to be created
Description The description of this group
Email Address The Email Address for this group. Active Directory can be configured so that all members of a group are notified when the group receives an Email.
Group Scope Security groups or distribution groups are characterized by a scope that identifies how they are applied in the domain tree or forest. There are three group scopes: universal, global, and domain local.
Group Type There are two group types, security and distribution. Security groups allow you to manage user and computer access to shared resources. Distribution groups are intended to be used solely as email distribution lists.
Notes Additional information about the group

Sample Configuration

Parameter Example Configuration
Group Name <%=@results['New Group Name']%>
Description Allows access to the accounting resources
Email Address Accounting@company.com
Group Scope Global
Group Type Security
Notes <%=@results['Notes']%>

Results

Name Description
Distinguished Name CN=Accounting,CN=Users,DC=kineticdata,DC=com

Change Log

Version Date Description
2 2014-08-05 * Changed the password info value to be encrypted.
1 2011-01-24 * Initial version. See README for details.